Commit 8651d5c0b1f874c5b8307ae2b858bc40f9f02482

Authored by Paul Moore
Committed by James Morris
1 parent 58bfbb51ff

lsm: Remove the socket_post_accept() hook

The socket_post_accept() hook is not currently used by any in-tree modules
and its existence continues to cause problems by confusing people about
what can be safely accomplished using this hook.  If a legitimate need for
this hook arises in the future it can always be reintroduced.

Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: James Morris <jmorris@namei.org>

Showing 4 changed files with 0 additions and 25 deletions

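--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -880,11 +880,6 @@
 * @sock contains the listening socket structure.
 * @newsock contains the newly created server socket for connection.
 * Return 0 if permission is granted.
- * @socket_post_accept:
- * This hook allows a security module to copy security
- * information into the newly created socket's inode.
- * @sock contains the listening socket structure.
- * @newsock contains the newly created server socket for connection.
 * @socket_sendmsg:
 * Check permission before transmitting a message to another socket.
 * @sock contains the socket structure.
@@ -1554,8 +1549,6 @@
 struct sockaddr *address, int addrlen);
 int (*socket_listen) (struct socket *sock, int backlog);
 int (*socket_accept) (struct socket *sock, struct socket *newsock);
- void (*socket_post_accept) (struct socket *sock,
- struct socket *newsock);
 int (*socket_sendmsg) (struct socket *sock,
 struct msghdr *msg, int size);
 int (*socket_recvmsg) (struct socket *sock,
@@ -2537,7 +2530,6 @@
 int security_socket_connect(struct socket *sock, struct sockaddr *address, int addrlen);
 int security_socket_listen(struct socket *sock, int backlog);
 int security_socket_accept(struct socket *sock, struct socket *newsock);
-void security_socket_post_accept(struct socket *sock, struct socket *newsock);
 int security_socket_sendmsg(struct socket *sock, struct msghdr *msg, int size);
 int security_socket_recvmsg(struct socket *sock, struct msghdr *msg,
 int size, int flags);
@@ -2614,11 +2606,6 @@
 struct socket *newsock)
 {
 return 0;
-}
-
-static inline void security_socket_post_accept(struct socket *sock,
- struct socket *newsock)
-{
 }
 
 static inline int security_socket_sendmsg(struct socket *sock,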
... ... @@ -1536,8 +1536,6 @@
1536 1536 fd_install(newfd, newfile);
1537 1537 err = newfd;
1538 1538  
1539   - security_socket_post_accept(sock, newsock);
1540   -
1541 1539 out_put:
1542 1540 fput_light(sock->file, fput_needed);
1543 1541 out:
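--- a/security/capability.c
+++ b/security/capability.c
@@ -620,10 +620,6 @@
 return 0;
 }
 
-static void cap_socket_post_accept(struct socket *sock, struct socket *newsock)
-{
-}
-
 static int cap_socket_sendmsg(struct socket *sock, struct msghdr *msg, int size)
 {
 return 0;
@@ -1014,7 +1010,6 @@
 set_to_cap_if_null(ops, socket_connect);
 set_to_cap_if_null(ops, socket_listen);
 set_to_cap_if_null(ops, socket_accept);
- set_to_cap_if_null(ops, socket_post_accept);
 set_to_cap_if_null(ops, socket_sendmsg);
 set_to_cap_if_null(ops, socket_recvmsg);
 set_to_cap_if_null(ops, socket_getsockname);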
... ... @@ -1007,11 +1007,6 @@
1007 1007 return security_ops->socket_accept(sock, newsock);
1008 1008 }
1009 1009  
1010   -void security_socket_post_accept(struct socket *sock, struct socket *newsock)
1011   -{
1012   - security_ops->socket_post_accept(sock, newsock);
1013   -}
1014   -
1015 1010 int security_socket_sendmsg(struct socket *sock, struct msghdr *msg, int size)
1016 1011 {
1017 1012 return security_ops->socket_sendmsg(sock, msg, size);